Hijacked NASA Kepler Twitter feed tweets entirely new type of moon shot

07 Jul 2016 | Security threats, Twitter

by Lisa Vaas

Was that a photo of a new red ring around the planet Uranus, tweeted out by NASA’s Kepler account?

Guess not. They were actually panties. NASA’s Twitter account was briefly hijacked.

The peculiar stellar body that the hijacker(s) displayed on Wednesday was only up for 16 minutes before NASA wrestled back its Twitter controls.

In that narrow window of time, the post was captured by PostGhost, which archives celebrities’ deleted posts (possibly NSFW).

This isn’t standard fare for NASA’s Kepler mission, which more typically puts out news about things like finding a clump of 9 new habitable planets: those within the range of distance from a star where they could have surface temperatures that allow liquid water to pool.

In contrast, a hijacked Twitter account is, unfortunately, pretty standard fare.

We’ve seen account takeovers of Mark Zuckerberg, of Tesla and Elon Musk (with the hijackers offering free cars), of a teacher who unwittingly got turned into a porn star, of, ironically enough, Twitter CFO Anthony Noto, and of Black Lives Matter activist DeRay Mckesson, whom the account kidnappers turned into a Donald Trump supporter, to name just a few.


How could the @NASAKepler hijackers have gained control of the account? Let us count the ways…

If NASA reused the password on other sites, the crooks could have found it by sifting through previous data dumps. That’s the technique that Zuckerberg’s hijackers claimed to have used: specifically, s/he/they claimed to have found his (apparently reused) password by sifting through the password dump of stolen LinkedIn accounts that was posted in May.

That’s exactly why we urge you not to reuse passwords on different sites: if one of those sites gets breached, crooks can use the same login to get into wherever else you’ve used it.

They can get into your social media accounts to embarrass you, get access to your contacts, commit identity theft, and drain your banking accounts.

It’s really a bad idea to use a password twice, and here’s why.
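The reuse problem above has a defensive counterpart: you can check whether a password already sits in a public breach dump, and whether you have used the same one on several sites, without ever handing the password itself to a third party. The following is an added example, not code from the article or from Sophos; the dump it indexes is constructed inline, and the prefix-based range lookup copies the k-anonymity layout of Have I Been Pwned's Pwned Passwords service (SHA-1, query on the first five hex characters, compare the remaining suffix locally).

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a leaked credential dump (plaintext passwords as
# crackers would have recovered them from a breach); not a real breach file.
# "54321blastoff" is the joke password from the tweet quoted in the article.
CONSTRUCTED_DUMP = [
    "123456", "password", "54321blastoff", "password", "qwerty", "linkedin",
]


def sha1_hex(password):
    """Upper-case hex SHA-1 of the UTF-8 password, the digest the range format uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(dump):
    """Bucket every dump entry by the first 5 hex chars of its SHA-1.

    Each bucket maps the remaining 35-char suffix to how many times that
    password appeared in the dump, mirroring the Pwned Passwords range
    layout (the data here is constructed, see CONSTRUCTED_DUMP).
    """
    index = defaultdict(lambda: defaultdict(int))
    for pw in dump:
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] += 1
    return index


def lookup_range(index, prefix):
    """Service side: answer a 5-char prefix with its whole bucket and nothing else.

    The service learns only that the caller is interested in one of the
    16^35 hashes sharing this prefix, never which one.
    """
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    return dict(index.get(prefix.upper(), {}))


def breach_count(password, index):
    """Client side: hash locally, send only the prefix, match the suffix at home.

    Returns how many times the password appeared in the dump (0 = not seen).
    The full password and its full hash never leave the client.
    """
    digest = sha1_hex(password)
    bucket = lookup_range(index, digest[:5])
    return bucket.get(digest[5:], 0)


def find_reuse(credentials):
    """Group site names by the hash of their password.

    Takes (site, password) pairs and returns only the hashes shared by two or
    more sites, i.e. the passwords that a breach at one site would expose at
    the others. Hashing keeps plaintext out of the report.
    """
    sites_by_hash = defaultdict(list)
    for site, pw in credentials:
        sites_by_hash[sha1_hex(pw)].append(site)
    return {h: sites for h, sites in sites_by_hash.items() if len(sites) > 1}


if __name__ == "__main__":
    index = build_range_index(CONSTRUCTED_DUMP)
    for candidate in ("54321blastoff", "password", "a-long-unique-passphrase"):
        print(f"{candidate!r}: seen {breach_count(candidate, index)} time(s) in dump")
    # Constructed sample of one person's logins; the reused one is the risk.
    sample_logins = [
        ("twitter", "54321blastoff"),
        ("linkedin", "54321blastoff"),
        ("bank", "a-long-unique-passphrase"),
    ]
    for digest, sites in find_reuse(sample_logins).items():
        print(f"password {digest[:5]}... reused on: {', '.join(sites)}")
```

Two things are worth noting in the design. The client never sends the password or its full hash, only the five-character prefix, so even a compromised or logging lookup service cannot recover what was checked. And the reuse report works on hashes rather than plaintext, so it can be run over a password manager export without the output itself becoming a credential dump.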

Willy-nilly clicking on links in email is another way to get into trouble.

Phishing might sound old-school, but some of the true classics are still extremely successful.

In fact, a study from Google and the University of California, San Diego, found that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.

Or perhaps NASA didn’t practice good password etiquette: perhaps a staffer gave the password away to someone, or maybe it was the name of somebody’s pet. We just don’t know.

What we do know is that multifactor authentication – what Twitter refers to as login verification – should help defend against account hijackings.

If you haven’t yet set it up for your Twitter account, why not do it today?

Having said that, note that there’s another way to hijack Twitter accounts, and multi-factor authentication doesn’t stop it. As DeRay Mckesson found out, crooks social engineered his phone carrier into changing his phone’s SIM, thereby managing to intercept the SMS messages sent out by login verification when they changed his password.

The phone carriers have ways to set up passwords to defeat that strategy: we put out instructions for four major US carriers in the story.

Of course, as one tweet suggested, it could be a drop-dead-dumb, crazily guessable password that led to the moon shot on @NASAKepler:

@NASAKepler I hope your password wasn’t “54321blastoff”

— Steve (@indylead) July 6, 2016



3 comments on “Hijacked NASA Kepler Twitter feed tweets entirely new type of moon shot”

  1. Bryan says:
    July 7, 2016 at 9:18 pm

    Clever title, Lisa. Thanks for the article, and as always for the great reminders and advice.

    Reply
  2. Bob Gustin says:
    July 7, 2016 at 10:18 pm

    Awesome, Lisa!!!

    Reply
  3. saxonrau says:
    July 9, 2016 at 7:48 am

    PostGhost has been shut down by Twitter, very much as PolitWoops was. Hopefully it will return in the same way as per its calm, thoughtfully-worded open letter on that link.

    Reply
